package uf.audit.intercept;

import java.util.ArrayList;
import java.util.List;

import uf.audit.controller.UFBaseController;
import uf.audit.util.Utils;

import com.jfinal.aop.Interceptor;
import com.jfinal.aop.Invocation;

/**
 * 权限拦截器
 * 
 * @author sunny
 *
 */
public class AuthInterceptor implements Interceptor {

	private static List<String> excludeStrings;

	/*
	 * 例外url配置，这些url将会被权限拦截器忽略
	 */
	static {
		excludeStrings = new ArrayList<String>();
		excludeStrings.add("/login");
		excludeStrings.add("/logout");
		excludeStrings.add("/");
	}

	public void intercept(Invocation invocation) {
		String urlString = invocation.getControllerKey();
		if (excludeStrings.contains(urlString)) {
			invocation.invoke();
			return;
		}
		UFBaseController ufbc = (UFBaseController) invocation.getController();
		if (Utils.isLogin(ufbc)) {
			// 这里可以放权限验证逻辑（功能部分），如果要做数据权限设置，建议采用alibaba的druid连接池
			invocation.invoke();
		} else {
			ufbc.redirect("/");
		}
	}
}
